in them. They get patched frequently but each major new version has new holes! The basic problems are often the user & such script items asFlash, Shockwave (also run thru Adobe Reader etc). These items have as much control over your machine as you do at the keyboard!! Likely more because they perform whatever in micro-seconds and you react MUCH more slowly! That why one must be very careful with these.

At present, I suggest Firefox &/or Sea Monkey as preferred particularly WITH the NoScript add-on added! NoScript blocks all scripts upon reaching a site. Available for Both FF & SM.

When you click on the NS icon at bottom right of screen, it lists who is trying to run scripts on your machine and you can allow/allow temporarily for this visit/deny each one individually.Smart, safe sites try not to require Scripts for the main page but might need for log-on or for bouncing between various pages there.

My rule of thumb is to leave all blocked or if need be ok ONLY the main site name. If a flash player or whatever is embedded & blocked, putting your cursor over the "F" icon displays who controls the player and I might ok ONLY that one also. Unless it's a site you trust and visit often, I prefer Temporary ok always.

Every browser today is a so called "smart" browser, even Opera servers monitor your activity, you might as well just say you no longer own anything, esp. when it comes to being tracked online. Perhaps the most nuetral browser in this regard is Commodo Dragon, they do not have an agenda while disrupting and thereby destroying your right to privacy.

Well, there's really no safest browser. All browsers has their pros and cons. But if we're talking about minimal vulnerabilities when it comes to security, I will suggest Chrome because it releases a new version with security fixes every fifteen days while Internet Explorer and Firefox releases security updates about once a month.

The big software projects are all full of bugs. In some cases, thousands of them. As a society, we've become so acquainted and familiar with the idea, that we're numb to the consequences. Out of the thousands of reported bugs, it takes one to exploit your computer. There are more unreported bugs than reported ones, as it's a matter of statistical inference.

So - my recommendation is that one should try to have only a minimally exposed attack surface for one's online activities. The browser is just one part of the picture - and itself depends on the attack surface that the user may provide in other ways, and on the operating system's flaws.

So - javascript is often used as an attack surface. If you don't need it, don't use it. For instance, many internet forums do not require that you have javascript turned on in order for them to function properly. I often use a javascript-less browser for forum posts for this reason. Then I don't have to worry about a misconfiguration that turns it back on. I'm not recommending any particular browser. The javascript-less ones (of course) have bugs (just not the javascript oriented ones). Yet - I see my own selection of a javascript-less browser as presenting a smaller attack surface. When I must, I use a javascript enabled browser. Because of all the bugs, I don't necessarily trust any one of them. I'm still looking for improvement. Vivaldi is a new (Opera style) browser that I'm evaluating. I don't have an opinion of it yet.

Another thing that javascript brings into the picture are the subsidiary links. The more out-of-domain links that the main site links to - the larger the attack surface will be. Javascript enables some of these extra links, so turning it off may reduce your attack surface.

Your attack surface is diminished by the use of HTTPS. It's somewhat more difficult for an attacker to insert stuff into HTTPS connections. Always try to connect to sites with that protocol (as shown in the leftmost portion of your address bar). The use of the EFF "https-everywhere" plugin may facilitate this semi-automatically - but I'm not a fan of plugins either. Plugins may bring in their own attack surfaces. (I don't know about the the https-everywhere plugin - heck maybe it's perfect. Doubtful, though - what software have been shown to be perfect?

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Track this thread and email me when there are updates.Please read before posting

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Old Thread Warning!

This thread is more than days old. It is very likely that it does not need any further discussion and replying to it will serve no purpose. However, if you feel it is necessary to make a new reply, you can still do so.

I am aware that this thread is old, but I still want to post a reply.

Checkbox must be checked in order to post in this old thread.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.